Legal claims defining the scope of protection, as filed with the USPTO.
1. An electronic device for intrusion detection, the device comprising: memory circuitry to store a set of signature voltage ratios and a corresponding set of node identifiers, each node identifier corresponding to a unique signature voltage ratio; and security circuitry to: compare voltages received at a first and second measuring point on a bus, the voltages resulting from a message transmitted by a sending node on the bus, the first measuring point providing a first voltage and the second measuring point providing a second voltage; calculate a test voltage ratio from the first voltage and the second voltage; determine whether the test voltage ratio is in the set of signature voltage ratios; and initiate a security response based on whether the test voltage ratio is in the set of signature voltage ratios.
2. The device of claim 1, wherein the device comprises the first measuring point on the bus.
3. The device of claim 2, further comprising: transceiver circuitry to receive the message transmitted on the bus; and voltage measurement circuitry to determine the first voltage.
4. The device of claim 3, wherein to determine the first voltage, the security circuitry is to: obtain a plurality of sample voltages from the message, provided by the voltage measurement circuitry; and calculate the first voltage from the plurality of sample voltages.
5. The device of claim 4, wherein to calculate the first voltage from the number of voltages, the security circuitry is to calculate an average voltage from the plurality of sample voltages, and use the average voltage as the first voltage.
6. The device of claim 4, wherein to calculate the first voltage from the number of voltages, the security circuitry is to calculate a median voltage from the plurality of sample voltages, and use the median voltage as the first voltage.
7. The device of claim 1, wherein the bus is a controller area network (CAN) bus.
8. The device of claim 7, wherein the voltages are off of a high bus line (CANH).
9. The device of claim 7, wherein the voltages are off of a low bus line (CANL).
10. The device of claim 7, wherein the voltages are off of a high bus line (CANH) and a low bus line (CANL), and wherein the test voltage ratio is associated with CANH and a second test voltage ratio is associated with CANL.
11. The device of claim 1, wherein to initiate the security response, the security circuitry is to: determine that the test voltage ratio is not in the set of signature voltage ratios; and disable the sending node.
12. The device of claim 1, wherein to initiate the security response, the security circuitry is to: determine that the test voltage ratio is not in the set of signature voltage ratios; and record the sending node in a security log.
13. The device of claim 1, wherein to initiate the security response, the security circuitry is to: determine that the test voltage ratio is in the set of signature voltage ratios; determine a message identifier from the message; and determine whether the sending node is allowed to transmit the message with the message identifier.
14. The device of claim 13, wherein the security circuitry is to disable the sending node when the sending node is not allowed to transmit the message with the message identifier.
15. The device of claim 13, wherein the security circuitry is to record the sending node in a security log when the sending node is not allowed to transmit the message with the message identifier.
16. A method of intrusion detection, the method comprising: implementing memory to store a set of signature voltage ratios and a corresponding set of node identifiers, each node identifier corresponding to a unique signature voltage ratio; comparing voltages received at a first and second measuring point on a bus, the voltages resulting from a message transmitted by a sending node on the bus, the first measuring point providing a first voltage and the second measuring point providing a second voltage; calculating a test voltage ratio from the first voltage and the second voltage; determining whether the test voltage ratio is in the set of signature voltage ratios; and initiating a security response based on whether the test voltage ratio is in the set of signature voltage ratios.
17. The method of claim 16, further comprising: receiving the message transmitted on the bus; and determining the first voltage.
18. The method of claim 17, wherein determining the first voltage comprises: obtaining a plurality of sample voltages from the message, provided by the voltage measurement circuitry; and calculating the first voltage from the plurality of sample voltages.
19. The method of claim 18, wherein calculating the first voltage from the number of voltages comprises calculating an average voltage from the plurality of sample voltages, and using the average voltage as the first voltage.
20. The method of claim 18, wherein calculating the first voltage from the number of voltages comprises calculating a median voltage from the plurality of sample voltages, and using the median voltage as the first voltage.
21. At least one non-transitory machine-readable medium including instructions for intrusion detection, which when executed by a machine, cause the machine to perform the operations comprising: implementing memory to store a set of signature voltage ratios and a corresponding set of node identifiers, each node identifier corresponding to a unique signature voltage ratio; comparing voltages received at a first and second measuring point on a bus, the voltages resulting from a message transmitted by a sending node on the bus, the first measuring point providing a first voltage and the second measuring point providing a second voltage; calculating a test voltage ratio from the first voltage and the second voltage; determining whether the test voltage ratio is in the set of signature voltage ratios; and initiating a security response based on whether the test voltage ratio is in the set of signature voltage ratios.
22. The at least one machine-readable medium of claim 21, wherein initiating the security response comprises: determining that the test voltage ratio is not in the set of signature voltage ratios; and recording the sending node in a security log.
23. The at least one machine-readable medium of claim 21, wherein initiating the security response comprises: determining that the test voltage ratio is in the set of signature voltage ratios; determining a message identifier from the message; and determining whether the sending node is allowed to transmit the message with the message identifier.
24. The at least one machine-readable medium of claim 23, further comprising disabling the sending node when the sending node is not allowed to transmit the message with the message identifier.
25. The at least one machine-readable medium of claim 23, further comprising recording the sending node in a security log when the sending node is not allowed to transmit the message with the message identifier.
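Added example, not part of the patent filing: a sketch of the decision flow recited in claims 1, 4-6 and 11-15 (reduce the sample voltages, form the test voltage ratio, look it up in the signature set, then check the message identifier). The node names, signature ratios, sample voltages, allowed message identifiers, matching tolerance and verdict strings are all constructed assumptions; the claims state only that the ratio is checked for membership in the set.

```python
from statistics import mean, median

# Constructed enrollment data (assumption): node identifier -> signature voltage ratio.
SIGNATURES = {"ECU_A": 0.962, "ECU_B": 1.000, "ECU_C": 1.041}
# Constructed policy (assumption): message identifiers each node may transmit.
ALLOWED_IDS = {"ECU_A": {0x100, 0x101}, "ECU_B": {0x200}, "ECU_C": {0x300}}
# Assumption: the claims only say "in the set"; measured ratios need a match window.
TOLERANCE = 0.01

# Constructed samples (volts) of one message seen at the two measuring points;
# the 3.90 reading stands in for a ringing/noise outlier.
SAMPLES_P1 = [3.36, 3.37, 3.38, 3.37, 3.90]
SAMPLES_P2 = [3.50, 3.51, 3.50, 3.49, 3.50]

def representative_voltage(samples, method="median"):
    """Claims 4-6: reduce a plurality of sample voltages to one voltage."""
    if not samples:
        raise ValueError("no sample voltages for this message")
    return median(samples) if method == "median" else mean(samples)

def identify_sender(test_ratio):
    """Return the node whose signature ratio matches within TOLERANCE, else None."""
    node, sig = min(SIGNATURES.items(), key=lambda kv: abs(kv[1] - test_ratio))
    return node if abs(sig - test_ratio) <= TOLERANCE else None

def classify(samples_p1, samples_p2, message_id, method="median"):
    """Claims 1 and 11-15: return (verdict, node) for one received message."""
    v1 = representative_voltage(samples_p1, method)
    v2 = representative_voltage(samples_p2, method)
    if v2 == 0:  # no usable reference voltage: treat as unidentified
        return ("unknown_sender", None)
    node = identify_sender(v1 / v2)
    if node is None:  # ratio not in the signature set (claims 11, 12)
        return ("unknown_sender", None)
    if message_id not in ALLOWED_IDS.get(node, set()):  # claims 13-15
        return ("id_not_allowed", node)
    return ("ok", node)

if __name__ == "__main__":
    print(classify(SAMPLES_P1, SAMPLES_P2, 0x100))
    print(classify(SAMPLES_P1, SAMPLES_P2, 0x200))
    print(classify(SAMPLES_P1, SAMPLES_P2, 0x100, method="mean"))
```

On this constructed data the median (claim 6) attributes the message to ECU_A, while the average (claim 5) is pulled by the single outlier to a ratio that matches ECU_B, so the choice of reduction changes the verdict.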
November 13, 2018